xenbits.xensource.com Git - libvirt.git/commit

author	Andrea Bolognani <abologna@redhat.com>
	Mon, 12 Aug 2024 15:07:54 +0000 (17:07 +0200)
committer	Andrea Bolognani <abologna@redhat.com>
	Thu, 3 Oct 2024 11:29:59 +0000 (13:29 +0200)
commit	454219ad6c13f0f658cde7d593361236dfef11f8
tree	a10f1a7ef1a2f81d518f9249f625f419de97c42d	tree
parent	8fe803247e908bf1e6cc155b6c4b3ac112dda50d	commit \| diff

security: Allow skipping locking when labeling lock files

This is needed when migrating a guest that has persistent TPM
state: relabeling (which implies locking) needs to happen
before the swtpm process is started on the destination host,
but the lock file won't be released by the swtpm process
running on the source host before a handshake with the target
process has happened, creating a catch-22 scenario.

In order to make migration possible, make it so that locking
for lock files can be explicitly skipped. All other state
files are handled as usual.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

src/qemu/qemu_security.c		diff \| blob \| blame \| history
src/security/security_dac.c		diff \| blob \| blame \| history
src/security/security_driver.h		diff \| blob \| blame \| history
src/security/security_manager.c		diff \| blob \| blame \| history
src/security/security_manager.h		diff \| blob \| blame \| history
src/security/security_selinux.c		diff \| blob \| blame \| history
src/security/security_stack.c		diff \| blob \| blame \| history